CVE-2023-25721

EPSS 0.22%
Veröffentlicht 28.03.2023 20:15:11
Zuletzt bearbeitet 19.02.2025 19:15:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Veracode ≫ Veracode SwPlatformjenkins Version < 23.3.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.441

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://docs.veracode.com/updates/r/c_all_int#veracode-jenkins-plugin-233190

Release Notes

https://veracode.com

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-25721

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25721

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25721

EUVD